Secure Coding mailing list archives
Secure Programming with Static Analysis
From: jjchryan at gwu.edu (Julie Ryan)
Date: Mon, 9 Jul 2007 17:30:47 -0400
The US Dept of Defense has done some work on the procurement side of the problem. Here are two papers for those in very large bureaucracies who might be interested: Best Software Assurance Practices in Acquisition of Trusted Systems http://www.cisse.info/colloquia/cisse10/proceedings10/pdfs/papers/ S02P03.pdf Software Assurance: Five Essential Considerations for Acquisition Officials http://www.stsc.hill.af.mil/CrossTalk/2007/05/0705PolydysWisseman.html On Jul 9, 2007, at 1:16 PM, McGovern, James F (HTSC, IT) wrote:
If you are seeking additional book ideas for this series, may I suggest posting to computerbookauthors at yahoogroups.com? There are two books that I would love to see: - Designing Secure Software - Not everything is about the code - Procuring Secure Software - Most enterprises nowadays buy software vs build it -----Original Message----- From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw Sent: Thursday, July 05, 2007 9:01 AM To: 'Brian Chess'; 'sc-l at securecoding.org' Subject: Re: [SC-L] Secure Programming with Static Analysis Hi sc-l, I have read this awesome book (more than once) and can vouch for it. It is an important part of the addison-wesley software security series, the series that includes: Software Security www.swsec.com Rootkits Exploiting Software Building Secure Software (and any day now Exploiting Online Games) For more on the series, see www.buildingsecurityin.com. We are always on the lookout for more titles for the series, especially if they dive deeply into one of the seven touchpoints, so if you have a book idea please let me know. Meanwhile, click on this link and buy Brian and Jacob's book: http://www.amazon.com/dp/0321424778 gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com ********************************************************************** *** This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ********************************************************************** *** _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/ listinfo/sc-l List charter available at - http://www.securecoding.org/list/ charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http:// www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
Current thread:
- Secure Programming with Static Analysis Brian Chess (Jul 04)
- <Possible follow-ups>
- Secure Programming with Static Analysis Gary McGraw (Jul 05)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Julie Ryan (Jul 09)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Gary McGraw (Jul 09)